package com.zyg.order.config;

import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;

/**
 * ------------------------------
 * 作者: LMY
 * 类-功能: spring securityConfig配置类
 * 创建时间: 2021-11-11 17:25
 * ------------------------------
 **/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired(required = false)
    AuthenticationEntryPoint authenticationEntryPoint;  //身份验证入口
    @Autowired(required = false)
    AuthenticationProvider authenticationProvider;     //身份验证提供者
    @Autowired(required = false)
    SingleSignOutFilter singleSignOutFilter;            //单点退出过滤器
    @Autowired(required = false)
    LogoutFilter logoutFilter;                          //登录过滤器
    @Autowired(required = false)
    CasAuthenticationFilter casAuthenticationFilter;    //CAS身份校验过滤器

    /**
     * 作者 : LMY
     * 功能 : 重写父类 Web安全配置适配类的配置方法 - auth
     * 时间 : 2021/11/11 17:29
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //身份验证管理生成器，拿到身份提供者
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * 作者 : LMY
     * 功能 : 重写父类 Web安全配置适配类的配置方法 --http
     * 时间 : 2021/11/11 17:31
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/user/**")
                .hasRole("user")
                .antMatchers("/login/cas").permitAll()
                .anyRequest().authenticated()
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)  //添加身份验证入口点
                .and()
                .addFilter(casAuthenticationFilter)      //添加CAS身份校验过滤器
                .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)  //在过滤器之前添加单点退出过滤器
                .addFilterBefore(logoutFilter, LogoutFilter.class); //在过滤器之前添加登录过滤器
    }

}
